slaprunner: remove recovery-code generation, clone repository is done by webrunner

software/slaprunner/common.cfg

@@ -54,7 +54,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-runner.cfg
 output = ${buildout:directory}/template-runner.cfg.in
-md5sum = f2d704c269244c4eb842aefbc9ff9201
+md5sum = 5fbdf6f9996d6cb948ba042e9dd6e43e
 mode = 0644
 
 [template-runner-import-script]
@@ -70,7 +70,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-runner-import.cfg.in
 output = ${buildout:directory}/instance-runner-import.cfg
-md5sum = 673c30e5e7f9b7bb543f79465a56e43d
+md5sum = a41ff9e12a2304224704f6f31529879b
 mode = 0644
 
 [template-runner-export-script]
@@ -86,13 +86,13 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-runner-export.cfg.in
 output = ${buildout:directory}/instance-runner-export.cfg
-md5sum = 4b0ab39bc655ae0b865207147cb2e5bf
+md5sum = cab358589975d6f250b6363ecc95aab2
 mode = 0644
 
 [template-resilient]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/instance-resilient.cfg.jinja2
-md5sum = 7b3f74b6ab491e907bbdef2ff40a7791
+md5sum = a902b84ac7d1e29a7fdb06cbc7dec150
 filename = instance-resilient.cfg.jinja2
 mode = 0644
 
@@ -110,7 +110,7 @@ recipe = hexagonit.recipe.download
 ignore-existing = true
 url = ${:_profile_base_location_}/nginx_conf.in
 download-only = true
-md5sum = e6c2e1dd2153afefa0805c4065066e4e
+md5sum = 94d83ef3eb89c2d75c8c079ab12b4518
 filename = nginx_conf.in
 mode = 0644
 
@@ -119,7 +119,7 @@ recipe = hexagonit.recipe.download
 ignore-existing = true
 url = ${:_profile_base_location_}/httpd_conf.in
 download-only = true
-md5sum = 21ef5c7c487bdc774d675e33d000975f
+md5sum = 2e8440fa4b589be649a72108faec7745
 filename = httpd_conf.in
 mode = 0644
 
@@ -135,7 +135,7 @@ location = ${buildout:parts-directory}/${:_buildout_section_name_}
 recipe = hexagonit.recipe.download
 ignore-existing = true
 url = ${:_profile_base_location_}/template/${:filename}
-md5sum = f406b91c5b0261b198a1c1930c195071
+md5sum = ef16446d432e1397182b1654fe920ffb
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 filename = slapos.cfg.in
 download-only = true
@@ -203,6 +203,7 @@ eggs =
   slapos.recipe.build
   slapos.toolbox[flask_auth]
   Gunicorn
+  futures
   ${slapos-cookbook:eggs}
 
 [extra-eggs]

software/slaprunner/httpd_conf.in

@@ -102,7 +102,7 @@ RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
 RewriteCond %{REQUEST_URI} /git-receive-pack$
 
 <LocationMatch "^/git/">
-        SetEnv GIT_PROJECT_ROOT:{{ parameters.project_private_folder }}
+        SetEnv GIT_PROJECT_ROOT {{ parameters.project_private_folder }}
         Order Deny,Allow
         Deny from env=AUTHREQUIRED
 
@@ -113,7 +113,7 @@ RewriteCond %{REQUEST_URI} /git-receive-pack$
 </LocationMatch>
 
 <LocationMatch "^/git-public/">
-        SetEnv GIT_PROJECT_ROOT:{{ parameters.project_public_folder }}
+        SetEnv GIT_PROJECT_ROOT {{ parameters.project_public_folder }}
         Order Deny,Allow
         Deny from env=AUTHREQUIRED
 

software/slaprunner/instance-resilient.cfg.jinja2

@@ -11,7 +11,8 @@
 {% if number_of_instances > 2 %}
   {% set number_of_instances = 2 %}
 {% endif %}
-{% set slaprunner_return = ['url', 'ssh-public-key', 'ssh-url', 'notification-id', 'ip', 'backend_url', 'url', 'ssh_command', 'access_url', '1_info', '2_info', 'webdav_url', 'public_url', 'git_public_url', 'git_private_url'] -%}
+
+{% set slaprunner_return = ['init-user', 'init-password', 'url', 'ssh-public-key', 'ssh-url', 'notification-id', 'ip', 'backend-url', 'url', 'ssh-command', 'webdav-url', 'public-url', 'git-public-url', 'git-private-url'] -%}
 {% set monitor_return = ['monitor-base-url', 'monitor-url', 'monitor-user', 'monitor-password'] -%}
 {% set monitor_parameter = {'monitor-cors-domains': slapparameter_dict.pop('monitor-cors-domains', "monitor.app.officejs.com")} -%}
 {% set monitor_dict = {'parameter': monitor_parameter, 'return': monitor_return, 'set-monitor-url': True} -%}
@@ -55,21 +56,20 @@ return =  {{ slaprunner_return | join(' ')}} {{ monitor_return | join(' ') }}
 
 [publish-connection-information]
 recipe = slapos.cookbook:publish
-1_info = ${request-runner:connection-1_info}
-2_info = ${request-runner:connection-2_info}
-backend_url = ${request-runner:connection-backend_url}
-access_url = ${request-runner:connection-access_url}
+backend-url = ${request-runner:connection-backend-url}
 url = ${request-runner:connection-url}
-ssh_command = ${request-runner:connection-ssh_command}
-webdav_url = ${request-runner:connection-webdav_url}
-public_url = ${request-runner:connection-public_url}
-git_public_url = ${request-runner:connection-git_public_url}
-git_private_url = ${request-runner:connection-git_private_url}
+init-user = ${request-runner:connection-init-user}
+init-password = ${request-runner:connection-init-password}
+ssh-command = ${request-runner:connection-ssh-command}
+webdav-url = ${request-runner:connection-webdav-url}
+public-url = ${request-runner:connection-public-url}
+git-public-url = ${request-runner:connection-git-public-url}
+git-private-url = ${request-runner:connection-git-private-url}
 {% if slapparameter_dict.get('custom-frontend-backend-url') -%}
 custom-frontend-url = ${request-runner:connection-custom-frontend-url}
 {% endif %}
 monitor-base-url = ${request-runner:connection-monitor-base-url}
-monitor_setup_url = {{ monitor_interface_url }}/#page=settings_configurator&url=${request-runner:connection-monitor-url}&username=${request-runner:connection-monitor-user}&password=${request-runner:connection-monitor-password}
+monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=${request-runner:connection-monitor-url}&username=${request-runner:connection-monitor-user}&password=${request-runner:connection-monitor-password}
 
 [slap-parameter]
 # Default parameters for distributed deployment

software/slaprunner/instance-runner-export.cfg.in

@@ -23,7 +23,6 @@ parts +=
   symlinks
   shellinabox
   slapos-cfg
-  slapos-repo
   cron-entry-prepare-software
   deploy-instance-parameters
   instance-software
@@ -56,7 +55,6 @@ context =
 monitor-httpd-port = 8437
 # Pass some parameter to dispay in monitoring interface
 instance-configuration =
-  file recovery-code $${recovery-code:storage-path}
   httpdcors cors-domain $${slaprunner-httpd-cors:location} $${httpd-graceful-wrapper:output}
   raw webrunner-url https://$${request-frontend:connection-domain}
 

software/slaprunner/instance-runner-import.cfg.in

@@ -19,7 +19,6 @@ parts +=
   shellinabox
   symlinks
   slapos-cfg
-  slapos-repo
   cron-entry-prepare-software
   deploy-instance-parameters
   instance-software-type

software/slaprunner/instance-runner.cfg

@@ -20,7 +20,6 @@ parts =
   symlinks
   shellinabox
   slapos-cfg
-  slapos-repo
   cron-entry-prepare-software
   deploy-instance-parameters
   instance-software
@@ -120,12 +119,6 @@ sessions = $${buildout:directory}/.sessions
 private-project = $${:home}/.git-private
 public-project = $${:home}/.git-public
 
-#Create password recovery code for slaprunner
-[recovery-code]
-recipe = slapos.cookbook:generate.password
-storage-path = $${directory:etc}/.rcode
-bytes = 8
-
 [slaprunner]
 slaprunner = ${buildout:directory}/bin/slaprunner
 slapos = ${buildout:directory}/bin/slapos
@@ -171,6 +164,9 @@ instance_info_json = $${runnerdirectory:home}/instance_info.json
 path = $${shell:path}
 instance_name = $${slap-parameter:instance-name}
 
+default_repository = $${slap-parameter:slapos-repository}
+default_repository_branch = $${slap-parameter:slapos-reference}
+
 
 #---------------------------
 #--
@@ -311,7 +307,7 @@ global_ip = $${slap-network-information:global-ipv6}
 global_port = $${slap-parameter:slaprunner-httpd-port}
 working_directory = $${slaprunner:working-directory}
 dav_lock = $${directory:var}/WebDavLock
-htpasswd_file = $${monitor-httpd-conf-parameter:htpasswd-file}
+htpasswd_file = $${directory:etc}/.htpasswd
 etc_dir = $${directory:etc}
 var_dir = $${directory:var}
 project_folder = $${directory:project}
@@ -377,7 +373,7 @@ path_pid = $${directory:run}/gunicorn.pid
 
 [gunicorn-launcher]
 recipe = slapos.cookbook:wrapper
-command-line = $${gunicorn:bin_gunicorn} slapos.runner.run:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --error-logfile $${directory:log}/$${:error-log-file} --log-level error --preload
+command-line = $${gunicorn:bin_gunicorn} slapos.runner.run:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --error-logfile $${directory:log}/$${:error-log-file} --timeout 200 --threads 3 --log-level error --preload
 error-log-file = gunicorn-error.log
 wrapper-path = $${gunicorn:bin_launcher}
 environment = PATH=$${environ:PATH}:${git:location}/bin/
@@ -458,26 +454,44 @@ dash_path = {{ dash_executable_location }}
 curl_path = {{ curl_executable_location }}
 check-secure = 1
 
+
+[htpasswd]
+recipe = slapos.cookbook:generate.password
+storage-path = $${directory:etc}/.pwd
+bytes = 8
+
+[runner-htpasswd]
+recipe = plone.recipe.command
+stop-on-error = true
+htpasswd-path = $${monitor-directory:etc}/.htpasswd
+command = if [ ! -f "$${:htpasswd-path}" ]; then ${apache:location}//bin/htpasswd -cb $${:htpasswd-path} $${:user} $${:password}; fi
+update-command = $${:command}
+user = admin
+{% if slapparameter_dict.get('monitor-password', '') -%}
+password = {{ slapparameter_dict['monitor-password'] }}
+{% else -%}
+password = $${htpasswd:passwd}
+{% endif -%}
+
 #--------------------------------------
 #--
 #-- Send information to SlapOS Master
 
 [publish-connection-information]
 recipe = slapos.cookbook:publish
-1_info = On your first run, Use "access_url" to setup you account. Then you can use both "url" or "access_url". Or "backend_url" if you want to use ipv6. Set up your account in the webrunner in order to use webdav, and being able to clone your git repositories from the runner.
-2_info = In order to set up your account, get the recovery-code from the monitoring interface. Use "monitor_setup_url" to configure monitor instance.
-backend_url = $${slaprunner:access-url}
-access_url = $${:url}/login
+backend-url = $${slaprunner:access-url}
 url =  https://$${request-frontend:connection-domain}
-ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
-webdav_url = $${request-httpd-frontend:connection-secure_access}/share/
-public_url =  $${request-httpd-frontend:connection-secure_access}/public/
-git_public_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
-git_private_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
+init-user = $${runner-htpasswd:user}
+init-password = $${runner-htpasswd:password}
+ssh-command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
+webdav-url = $${request-httpd-frontend:connection-secure_access}/share/
+public-url =  $${request-httpd-frontend:connection-secure_access}/public/
+git-public-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
+git-private-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
 monitor-base-url = $${publish:monitor-base-url}
 {% if slapparameter_dict.get('instance-type', '') != 'resilient' -%}
 {% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
-monitor_setup_url = {{ monitor_interface_url }}/#page=settings_configurator&url=$${publish:monitor-url}&username=$${publish:monitor-user}&password=$${publish:monitor-password}
+monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=$${publish:monitor-url}&username=$${publish:monitor-user}&password=$${publish:monitor-password}
 {% else -%}
 monitor-url = $${publish:monitor-url}
 monitor-user = $${publish:monitor-user}
@@ -528,7 +542,7 @@ auto-deploy-instance = true
 autorun = false
 slaprunner-httpd-port = $${:monitor-port}
 # XXX - for backward compatibility, monitor-port was for slaprunner httpd server
-monitor-port = 9684
+monitor-port = 9686
 instance-name =
 monitor-cors-domains = 
 monitor-interface-url = 
@@ -579,14 +593,6 @@ ps1 = "\\w> "
 [environ]
 recipe = collective.recipe.environment
 
-[slapos-repo]
-recipe = slapos.recipe.build:gitclone
-repository = $${slap-parameter:slapos-repository}
-git-executable = ${git:location}/bin/git
-develop = true
-location = $${directory:project}/slapos
-branch = $${slap-parameter:slapos-reference}
-
 [prepare-software]
 recipe = slapos.cookbook:wrapper
 command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure
@@ -732,9 +738,7 @@ cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.of
 {% if slapparameter_dict.get('monitor-username', '') -%}
 username = {{ slapparameter_dict['monitor-username'] }}
 {% endif -%}
-{% if slapparameter_dict.get('monitor-password', '') -%}
-password = {{ slapparameter_dict['monitor-password'] }}
-{% endif -%}
+password = $${runner-htpasswd:password}
 {% if slapparameter_dict.get('monitor-url-list', '') -%}
 monitor-url-list = {{ slapparameter_dict['monitor-url-list'] }}
 {% endif -%}
@@ -742,7 +746,6 @@ monitor-url-list = {{ slapparameter_dict['monitor-url-list'] }}
 {% if not slapparameter_dict.get('authorized-key', '') -%}
 # Pass some parameter to dispay in monitoring interface
 instance-configuration =
-  file recovery-code $${recovery-code:storage-path}
   httpdcors cors-domain $${slaprunner-httpd-cors:location} $${httpd-graceful-wrapper:output}
   raw webrunner-url https://$${request-frontend:connection-domain}
 {% endif -%}

software/slaprunner/nginx_conf.in

@@ -57,10 +57,14 @@ http {
             proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
             proxy_set_header   X-Forwarded-Host  $http_host;
             proxy_set_header   X-Accel-Mapping   /private/;
+            proxy_connect_timeout 200;
+            proxy_send_timeout    200;
+            proxy_read_timeout    200;
+            send_timeout          200;
 
             proxy_pass http://unix:{{ socket }};
         }
-        location ~ ^(/login|/doLogin|/static|/setAccount|/configAccount|/slapgridResult|/isSRReady) {
+        location ~ ^(/login|/doLogin|/static|/slapgridResult|/isSRReady) {
             proxy_redirect off;
             proxy_set_header   X-Forwarded-Proto $scheme;
             proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;

software/slaprunner/software.cfg

@@ -14,6 +14,7 @@ cns.recipe.symlink = 0.2.3
 collective.recipe.environment = 0.2.0
 ecdsa = 0.13
 erp5.util = 0.4.44
+futures = 3.0.5
 gitdb = 0.6.4
 gunicorn = 19.5.0
 prettytable = 0.7.2
@@ -41,3 +42,7 @@ lockfile = 0.12.2
 # Required by:
 # slapos.toolbox==0.56
 paramiko = 2.0.1
+
+# Required by:
+# slapos.toolbox==0.55
+passlib = 1.6.5
\ No newline at end of file

software/slaprunner/template/slapos.cfg.in

@@ -37,6 +37,8 @@ minishell_cwd_file = {{ slaprunner['minishell_cwd_file'] }}
 minishell_history_file = {{ slaprunner['minishell_history_file'] }}
 path = {{ slaprunner['path'] }}
 instance_name = {{ slaprunner['instance_name'] }}
+default_repository = {{ slaprunner['default_repository'] }}
+default_repository_branch = {{ slaprunner['default_repository_branch'] }}
 
 [slapproxy]
 host = {{ slaprunner['ipv4'] }}

[Jérome Perrin]

@alain.takoudjou is it intenational to remove /setAccount here ?

[Alain Takoudjou]

Yes, I removed creation of first account during setup of webrunner so this is not required anymore. /setAccount was used to create first account